In preparation for DEFCON, the hotel provides special 'If you see something, say something' training for their staff.

This is the main conference area for panel talks.
This gigantic space will be divided into three separate tracks.

Darien Acosta

But first, attendees line up at 5am to purchase admission badges.
DEFCON operates on a cash only basis (to prevent credit card fraud) and there is no pre-registration.

Badges are $230, so with 20,000 attendees, the con organisers will carefully process around $4.6 million over 3 days. This makes for long lines. (I waited 90 minutes... this experience is affectionately known as LINECON.)

The badges, aka vinyl records, are worn around the neck using lanyards. This makes all conference-goers look like Flavor Flav from the hip hop group Public Enemy.

Luckily, Flavor Flav approves.

DEFCON banner art by official convention artist Mar Williams.

DEFCON hotel floor sticker art, also by Mar Williams.

One of the cafes located near the Paris Casino was designated for exclusive use by DEFCON attendees.

This is a typical line experience when attending scheduled talks.
DEFCON is so massive that a single individual can only attend a minute fraction of the available track talks, skytalks, village talks, contests and workshops... not to mention any of the secret invite-only gatherings.

This is the 'Medical Devices: Pwnage and Honeypots' talk given by Scott Erven & Mark Collao. When I arrived, only standing room remained.

At the talk I learned that many of General Electric's medical devices feature remote access capabilities that use default factory passwords such as 'bigguy.'

According to the speakers, GE claims this is not a real security problem because default passwords can be changed. However, the speakers argue that under existing licence agreements, if a medical provider changes the password, the device is no longer eligible for troubleshooting, something akin to voiding the warranty. Default passwords are problematic because they can allow any knowledgeable patient to alter their morphine drip, or an outside hacker to change the radiation setting on CT machines, exposing patients to harmful levels of radiation without a medical tech's or doctor's knowledge. There is little precedent for dealing with these new problems.

This is the DEFCON Contest Area, located in Bally's Event Center.

The Contest Area is home to the Packet Village, Car Hacking Village, Data Village, Capture the Flag, Open CTF, Mohawk-Con and a music stage.

Here's a guy inspecting a semi-disassembled SUV located in the Car Hacking Village.

Hackers could learn a lot about vulnerabilities in vehicles in the village.

This is the FTC RoboKiller contest table. A $50,000 contest challenging programmers to create software to help consumers identify and kill illegal robocalls.

The epicentre of the Packet Hacking Village.

The infamous Wall of Sheep is intended to shame conference goers who exhibit poor computer security practices. For example, connecting to the WiFi network and logging into an unencrypted website will get you added to this list.

Now over to the Emerging Technology Threats table.

This is a SCADA system. Variations of these systems are used to monitor and control factory equipment, power plants, water treatment facilities, etc.

All about Open Access 4.0

Not 100% sure, but this looks like a security keypad terminal connected to an Open Access 4.0 board.

Mike Ryan & Richo Healey are able to hack (take command of) various skateboard models by jamming radio signals and broadcasting their own signals.

At DEFCON's Vendor Area, a wide variety of items can be legally purchased.

Here's the Hak5 table. The giant pineapple advertises the infamous WiFi Pineapple device, which broadcasts a WiFi honeypot (trap) that can be used for penetration testing (hacking).

Hak5 also sells the LAN Turtle (a USB device which opens backdoors for hackers wishing to connect to a network remotely) and the Rubber Ducky USB key (which can be used to capture all text entered on a keyboard and more). Prices are reasonable.

Lockpick sets are also for sale. Caveat emptor: lockpicks may be considered burglary tools in several U.S. states.

Free Internet = Giant antennas that can allow you to connect to your neighbour's open WiFi access point down the street.

Vinyl stickers for decorating laptops.

Books for sale.

HACKERS FOR CHARITY is a non-profit organisation solving technology challenges for various non-profits and provides food, equipment, job training and computer education to the world's poorest citizens.

Meanwhile, back at the Casino, someone set up a rogue WiFi access point, which was promptly removed by Goons and Casino security.

This DARPA server contains over 1,000 Xeon processors and runs software which algorithmically scans software for weak points and patches on the fly. This is probably the very early stages of an Artificial Intelligence that is capable of attacking and defending computer networks autonomously.

William Gibson fans should immediately think of I.C.E.

The DARPA Cyber Grand Challenge is a $3.7 million prize competition that 'seeks to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time.'

At the ICS Village, there are Industrial Control System devices available for tinkering.

Some examples of controls that can be breached.

During one of the ICS talks, someone caused a drum barrel to violently collapse under the pressure of a vacuum, providing a perfect demonstration of the potential real world consequences of ICS tinkering.